96 lines
3.4 KiB
Diff
96 lines
3.4 KiB
Diff
From 40203390a48b8fa01d72c6a9739d963cf24556b8 Mon Sep 17 00:00:00 2001
|
|
From: Daiki Ueno <ueno@gnu.org>
|
|
Date: Mon, 28 Dec 2020 16:16:53 +0100
|
|
Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry
|
|
|
|
The certificates stored in tests/testpkcs11-certs expired on
|
|
2020-12-13. To avoid verification failure due to that, use datefudge
|
|
to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
|
|
|
|
Based on the patch by Andreas Metzler:
|
|
https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
|
|
|
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
---
|
|
tests/scripts/common.sh | 5 +++++
|
|
tests/testpkcs11.sh | 12 +++++++++++-
|
|
2 files changed, 16 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
|
|
index 6ae19fa58..69b5fd612 100644
|
|
--- a/tests/scripts/common.sh
|
|
+++ b/tests/scripts/common.sh
|
|
@@ -187,6 +187,11 @@ launch_bare_server() {
|
|
${SERV} $* >${LOGFILE-/dev/null} &
|
|
}
|
|
|
|
+launch_bare_server2() {
|
|
+ wait_for_free_port "$PORT"
|
|
+ "$@" >${LOGFILE-/dev/null} &
|
|
+}
|
|
+
|
|
wait_server() {
|
|
local PID=$1
|
|
trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2
|
|
diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
|
|
index 9458af238..3d74bfea6 100755
|
|
--- a/tests/testpkcs11.sh
|
|
+++ b/tests/testpkcs11.sh
|
|
@@ -67,6 +67,8 @@ have_ed25519=0
|
|
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
|
|
SERV="${SERV} -q"
|
|
|
|
+TESTDATE=2020-12-01
|
|
+
|
|
. ${srcdir}/scripts/common.sh
|
|
|
|
rm -f "${LOGFILE}"
|
|
@@ -79,6 +81,8 @@ exit_error () {
|
|
exit 1
|
|
}
|
|
|
|
+skip_if_no_datefudge
|
|
+
|
|
# $1: token
|
|
# $2: PIN
|
|
# $3: filename
|
|
@@ -523,6 +527,7 @@ write_certificate_test () {
|
|
pubkey="$5"
|
|
|
|
echo -n "* Generating client certificate... "
|
|
+ datefudge -s "$TESTDATE" \
|
|
"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
|
|
--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
|
|
--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
|
|
@@ -900,7 +905,9 @@ use_certificate_test () {
|
|
echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
|
|
# start server
|
|
eval "${GETPORT}"
|
|
- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
|
|
+ launch_bare_server2 datefudge -s "$TESTDATE" \
|
|
+ $VALGRIND $SERV $DEBUG -p "$PORT" \
|
|
+ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
|
|
--x509keyfile="$keyfile" --x509cafile="${cafile}" \
|
|
--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
|
|
|
|
@@ -908,13 +915,16 @@ use_certificate_test () {
|
|
wait_server ${PID}
|
|
|
|
# connect to server using SC
|
|
+ datefudge -s "$TESTDATE" \
|
|
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
|
|
fail ${PID} "Connection should have failed!"
|
|
|
|
+ datefudge -s "$TESTDATE" \
|
|
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
|
|
--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
|
fail ${PID} "Connection (with files) should have succeeded!"
|
|
|
|
+ datefudge -s "$TESTDATE" \
|
|
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
|
|
--x509keyfile="${token};object=gnutls-client;object-type=private" \
|
|
--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
|
--
|
|
2.29.2
|
|
|